pkcs11: check inputs

prevents NULL pointer dereference
Frank Morgner 2019-01-22 12:24:53 +01:00
parent 993f6f5cc6
commit aed95b2f2b
7 changed files with 130 additions and 29 deletions


@ -269,7 +269,9 @@ get_fw_data(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info, int *o
struct pkcs15_fw_data *out = NULL; struct pkcs15_fw_data *out = NULL;
int idx; int idx;
for (idx=0; idx < SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) { if (!p11card)
return NULL;
for (idx=0; p11card && idx < SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) {
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fws_data[idx]; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fws_data[idx];
struct sc_file *file_app = NULL; struct sc_file *file_app = NULL;
@ -307,6 +309,8 @@ pkcs15_bind(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info)
CK_RV ck_rv; CK_RV ck_rv;
sc_log(context, "Bind PKCS#15 '%s' application", app_info ? app_info->label : "<anonymous>"); sc_log(context, "Bind PKCS#15 '%s' application", app_info ? app_info->label : "<anonymous>");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
for (idx=0; idx<SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) for (idx=0; idx<SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++)
if (!p11card->fws_data[idx]) if (!p11card->fws_data[idx])
break; break;
@ -351,7 +355,9 @@ pkcs15_unbind(struct sc_pkcs11_card *p11card)
unsigned int i, idx; unsigned int i, idx;
int rv = SC_SUCCESS; int rv = SC_SUCCESS;
for (idx=0; idx<SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) { if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
for (idx=0; p11card && idx<SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) {
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fws_data[idx]; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fws_data[idx];
if (!fw_data) if (!fw_data)
@ -1015,21 +1021,25 @@ pkcs15_add_object(struct sc_pkcs11_slot *slot, struct pkcs15_any_object *obj,
case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_RSA:
case SC_PKCS15_TYPE_PRKEY_GOSTR3410: case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
case SC_PKCS15_TYPE_PRKEY_EC: case SC_PKCS15_TYPE_PRKEY_EC:
pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); if (slot->p11card != NULL) {
card_fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx]; pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL);
for (i = 0; i < card_fw_data->num_objects; i++) { if (!slot->p11card)
struct pkcs15_any_object *obj2 = card_fw_data->objects[i]; return;
struct pkcs15_cert_object *cert; card_fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx];
for (i = 0; i < card_fw_data->num_objects; i++) {
struct pkcs15_any_object *obj2 = card_fw_data->objects[i];
struct pkcs15_cert_object *cert;
if (!is_cert(obj2)) if (!is_cert(obj2))
continue; continue;
cert = (struct pkcs15_cert_object*) obj2; cert = (struct pkcs15_cert_object*) obj2;
if ((struct pkcs15_any_object*)(cert->cert_prvkey) != obj) if ((struct pkcs15_any_object*)(cert->cert_prvkey) != obj)
continue; continue;
pkcs15_add_object(slot, obj2, NULL); pkcs15_add_object(slot, obj2, NULL);
}
} }
break; break;
case SC_PKCS15_TYPE_CERT_X509: case SC_PKCS15_TYPE_CERT_X509:
@ -1246,6 +1256,10 @@ int slot_get_logged_in_state(struct sc_pkcs11_slot *slot)
struct sc_pkcs15_object *pin_obj = NULL; struct sc_pkcs15_object *pin_obj = NULL;
struct sc_pkcs15_auth_info *pin_info; struct sc_pkcs15_auth_info *pin_info;
if (slot->p11card == NULL) {
goto out;
}
fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
goto out; goto out;
@ -1432,7 +1446,9 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
CK_RV rv; CK_RV rv;
int rc, i, idx; int rc, i, idx;
sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]); if (p11card) {
sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]);
}
sc_log(context, "create slots flags 0x%X", cs_flags); sc_log(context, "create slots flags 0x%X", cs_flags);
/* Find out framework data corresponding to the given application */ /* Find out framework data corresponding to the given application */
@ -1549,13 +1565,18 @@ static CK_RV
pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType,
CK_CHAR_PTR pPin, CK_ULONG ulPinLen) CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
{ {
struct sc_pkcs11_card *p11card = slot->p11card; struct sc_pkcs11_card *p11card;
struct pkcs15_fw_data *fw_data = NULL; struct pkcs15_fw_data *fw_data = NULL;
struct sc_pkcs15_card *p15card = NULL; struct sc_pkcs15_card *p15card = NULL;
struct sc_pkcs15_object *auth_object = NULL; struct sc_pkcs15_object *auth_object = NULL;
struct sc_pkcs15_auth_info *pin_info = NULL; struct sc_pkcs15_auth_info *pin_info = NULL;
int rc; int rc;
if (slot->p11card == NULL) {
return CKR_TOKEN_NOT_RECOGNIZED;
}
p11card = slot->p11card;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Login"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Login");
@ -1627,6 +1648,8 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType,
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return CKR_FUNCTION_REJECTED; return CKR_FUNCTION_REJECTED;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD
|| (p15card->card->caps & SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH)) { || (p15card->card->caps & SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH)) {
/* pPin should be NULL in case of a pin pad reader, but /* pPin should be NULL in case of a pin pad reader, but
@ -1734,6 +1757,8 @@ pkcs15_logout(struct sc_pkcs11_slot *slot)
CK_RV ret = CKR_OK; CK_RV ret = CKR_OK;
int rc; int rc;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Logout"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Logout");
@ -1777,6 +1802,8 @@ pkcs15_change_pin(struct sc_pkcs11_slot *slot,
int login_user = slot->login_user; int login_user = slot->login_user;
int rc; int rc;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetPin"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetPin");
@ -1854,6 +1881,8 @@ pkcs15_initialize(struct sc_pkcs11_slot *slot, void *ptr,
CK_RV rv; CK_RV rv;
sc_log(context, "Get 'enable-InitToken' card configuration option"); sc_log(context, "Get 'enable-InitToken' card configuration option");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
conf_block = sc_get_conf_block(p11card->card->ctx, "framework", "pkcs15", 1); conf_block = sc_get_conf_block(p11card->card->ctx, "framework", "pkcs15", 1);
enable_InitToken = scconf_get_bool(conf_block, "pkcs11_enable_InitToken", 0); enable_InitToken = scconf_get_bool(conf_block, "pkcs11_enable_InitToken", 0);
@ -1985,6 +2014,8 @@ pkcs15_init_pin(struct sc_pkcs11_slot *slot, CK_CHAR_PTR pPin, CK_ULONG ulPinLen
p11args.pin = pPin; p11args.pin = pPin;
p11args.pin_len = ulPinLen; p11args.pin_len = ulPinLen;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
rc = sc_card_ctl(p11card->card, SC_CARDCTL_PKCS11_INIT_PIN, &p11args); rc = sc_card_ctl(p11card->card, SC_CARDCTL_PKCS11_INIT_PIN, &p11args);
if (rc != SC_ERROR_NOT_SUPPORTED) { if (rc != SC_ERROR_NOT_SUPPORTED) {
if (rc == SC_SUCCESS) if (rc == SC_SUCCESS)
@ -2087,6 +2118,8 @@ pkcs15_create_private_key(struct sc_pkcs11_slot *slot, struct sc_profile *profil
char label[SC_PKCS15_MAX_LABEL_SIZE]; char label[SC_PKCS15_MAX_LABEL_SIZE];
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
@ -2254,6 +2287,8 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
CK_BBOOL temp_object = FALSE; CK_BBOOL temp_object = FALSE;
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
@ -2426,6 +2461,8 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
char label[SC_PKCS15_MAX_LABEL_SIZE]; char label[SC_PKCS15_MAX_LABEL_SIZE];
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
@ -2532,6 +2569,8 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot,
char label[SC_PKCS15_MAX_LABEL_SIZE]; char label[SC_PKCS15_MAX_LABEL_SIZE];
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
@ -2616,6 +2655,8 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct sc_profile *profile,
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
sc_init_oid(&args.app_oid); sc_init_oid(&args.app_oid);
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
@ -2694,6 +2735,8 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK
int rc; int rc;
CK_BBOOL p15init_create_object; CK_BBOOL p15init_create_object;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
@ -2960,6 +3003,8 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
&& pMechanism->mechanism != CKM_EC_KEY_PAIR_GEN) && pMechanism->mechanism != CKM_EC_KEY_PAIR_GEN)
return CKR_MECHANISM_INVALID; return CKR_MECHANISM_INVALID;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair");
@ -3133,6 +3178,8 @@ pkcs15_skey_destroy(struct sc_pkcs11_session *session, void *object)
struct pkcs15_fw_data *fw_data = NULL; struct pkcs15_fw_data *fw_data = NULL;
int rv; int rv;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair");
@ -3171,6 +3218,8 @@ pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object)
struct sc_profile *profile = NULL; struct sc_profile *profile = NULL;
int rv; int rv;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DestroyObject"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DestroyObject");
@ -3250,6 +3299,8 @@ pkcs15_get_random(struct sc_pkcs11_slot *slot, CK_BYTE_PTR p, CK_ULONG len)
struct pkcs15_fw_data *fw_data = NULL; struct pkcs15_fw_data *fw_data = NULL;
int rc; int rc;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateRandom"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateRandom");
@ -3298,6 +3349,8 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1
int rv = 0; int rv = 0;
CK_RV ck_rv = CKR_OK; CK_RV ck_rv = CKR_OK;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetAttributeValue"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetAttributeValue");
@ -3397,6 +3450,8 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
sc_log(context, "pkcs15_cert_get_attribute() called"); sc_log(context, "pkcs15_cert_get_attribute() called");
p11card = session->slot->p11card; p11card = session->slot->p11card;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
@ -3499,6 +3554,8 @@ pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session,
size_t len, _len; size_t len, _len;
sc_log(context, "pkcs15_cert_cmp_attribute() called"); sc_log(context, "pkcs15_cert_cmp_attribute() called");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) { if (!fw_data) {
sc_log(context, "pkcs15_cert_cmp_attribute() returns SC_ERROR_INTERNAL"); sc_log(context, "pkcs15_cert_cmp_attribute() returns SC_ERROR_INTERNAL");
@ -3599,6 +3656,8 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
sc_log(context, "pkcs15_prkey_get_attribute() called"); sc_log(context, "pkcs15_prkey_get_attribute() called");
p11card = session->slot->p11card; p11card = session->slot->p11card;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
@ -3840,6 +3899,8 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
sc_log(context, "Initiating signing operation, mechanism 0x%lx.", sc_log(context, "Initiating signing operation, mechanism 0x%lx.",
pMechanism->mechanism); pMechanism->mechanism);
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Sign"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Sign");
@ -4010,6 +4071,8 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *session, void *obj,
sc_log(context, "Initiating unwrapping with private key."); sc_log(context, "Initiating unwrapping with private key.");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey");
@ -4071,6 +4134,8 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *session, void *obj,
sc_log(context, "Initiating decryption."); sc_log(context, "Initiating decryption.");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Decrypt"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Decrypt");
@ -4144,6 +4209,8 @@ pkcs15_prkey_derive(struct sc_pkcs11_session *session, void *obj,
sc_log(context, "Initiating derivation"); sc_log(context, "Initiating derivation");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DeriveKey"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DeriveKey");
@ -4219,6 +4286,8 @@ pkcs15_prkey_can_do(struct sc_pkcs11_session *session, void *obj,
if (!pkinfo->algo_refs[0]) if (!pkinfo->algo_refs[0])
return CKR_FUNCTION_NOT_SUPPORTED; return CKR_FUNCTION_NOT_SUPPORTED;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
token_algos = &fw_data->p15_card->tokeninfo->supported_algos[0]; token_algos = &fw_data->p15_card->tokeninfo->supported_algos[0];
@ -4373,6 +4442,8 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_
p11card = session->slot->p11card; p11card = session->slot->p11card;
cert = pubkey->pub_genfrom; cert = pubkey->pub_genfrom;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
@ -4600,9 +4671,12 @@ pkcs15_dobj_get_value(struct sc_pkcs11_session *session,
{ {
struct sc_pkcs11_card *p11card = session->slot->p11card; struct sc_pkcs11_card *p11card = session->slot->p11card;
struct pkcs15_fw_data *fw_data = NULL; struct pkcs15_fw_data *fw_data = NULL;
struct sc_card *card = session->slot->p11card->card; struct sc_card *card;
int rv; int rv;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
card = session->slot->p11card->card;
if (!out_data) if (!out_data)
return SC_ERROR_INVALID_ARGUMENTS; return SC_ERROR_INVALID_ARGUMENTS;
if (dobj->info->data.len == 0) if (dobj->info->data.len == 0)
@ -4883,6 +4957,8 @@ pkcs15_skey_unwrap(struct sc_pkcs11_session *session, void *obj,
sc_log(context, "Initiating unwrapping with a secret key."); sc_log(context, "Initiating unwrapping with a secret key.");
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey");
@ -4961,6 +5037,8 @@ pkcs15_skey_wrap(struct sc_pkcs11_session *session, void *obj,
} }
p11card = session->slot->p11card; p11card = session->slot->p11card;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
if (!fw_data) if (!fw_data)
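Review bot: In the pkcs15_prkey_can_do hunk the value read from `p11card->fws_data[session->slot->fw_data_idx]` is dereferenced on the very next line (`&fw_data->p15_card->tokeninfo->supported_algos[0]`) with no `if (!fw_data)` test, so the NULL dereference this commit sets out to prevent is still reachable there if that framework-data entry is empty. Almost every other function touched in this file follows the assignment with an `if (!fw_data)` check. The same guard, for example `if (!fw_data) return CKR_TOKEN_NOT_RECOGNIZED;`, belongs before the `token_algos` line. pkcs15_add_object has the same gap: `card_fw_data->num_objects` is read straight after the assignment, and because the new code there already uses a bare `return;`, the matching guard would be `if (!card_fw_data) return;`. Both function bodies continue outside their hunks, so later checks are not visible from here.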


@ -32,10 +32,13 @@
*/ */
static CK_RV pkcs15init_bind(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info) static CK_RV pkcs15init_bind(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info)
{ {
struct sc_card *card = p11card->card; struct sc_card *card;
struct sc_profile *profile; struct sc_profile *profile;
int rc; int rc;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
card = p11card->card;
rc = sc_pkcs15init_bind(card, "pkcs15", NULL, NULL, &profile); rc = sc_pkcs15init_bind(card, "pkcs15", NULL, NULL, &profile);
if (rc == 0) if (rc == 0)
p11card->fws_data[0] = profile; p11card->fws_data[0] = profile;
@ -46,6 +49,8 @@ static CK_RV pkcs15init_unbind(struct sc_pkcs11_card *p11card)
{ {
struct sc_profile *profile; struct sc_profile *profile;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
profile = (struct sc_profile *) p11card->fws_data[0]; profile = (struct sc_profile *) p11card->fws_data[0];
sc_pkcs15init_unbind(profile); sc_pkcs15init_unbind(profile);
return CKR_OK; return CKR_OK;
@ -59,6 +64,8 @@ pkcs15init_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app
struct sc_pkcs11_slot *slot; struct sc_pkcs11_slot *slot;
CK_RV rc; CK_RV rc;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
profile = (struct sc_profile *) p11card->fws_data[0]; profile = (struct sc_profile *) p11card->fws_data[0];
rc = slot_allocate(&slot, p11card); rc = slot_allocate(&slot, p11card);
@ -127,12 +134,15 @@ pkcs15init_initialize(struct sc_pkcs11_slot *pslot, void *ptr,
CK_UTF8CHAR_PTR pLabel) CK_UTF8CHAR_PTR pLabel)
{ {
struct sc_pkcs11_card *p11card = pslot->p11card; struct sc_pkcs11_card *p11card = pslot->p11card;
struct sc_profile *profile = (struct sc_profile *) p11card->fws_data[0]; struct sc_profile *profile;
struct sc_pkcs15init_initargs args; struct sc_pkcs15init_initargs args;
struct sc_pkcs11_slot *slot; struct sc_pkcs11_slot *slot;
CK_RV rv; CK_RV rv;
int rc, id; int rc, id;
if (!p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
profile = (struct sc_profile *) p11card->fws_data[0];
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
args.so_pin = pPin; args.so_pin = pPin;
args.so_pin_len = ulPinLen; args.so_pin_len = ulPinLen;


@ -1211,7 +1211,7 @@ sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *p11card,
info = calloc(1, sizeof(*info)); info = calloc(1, sizeof(*info));
if (!info) if (!info)
LOG_FUNC_RETURN(p11card->card->ctx, SC_ERROR_OUT_OF_MEMORY); return CKR_HOST_MEMORY;
info->mech = mech; info->mech = mech;
info->sign_type = sign_type; info->sign_type = sign_type;


@ -140,7 +140,7 @@ CK_RV restore_login_state(struct sc_pkcs11_slot *slot)
if (sc_pkcs11_conf.atomic && slot) { if (sc_pkcs11_conf.atomic && slot) {
if (list_iterator_start(&slot->logins)) { if (list_iterator_start(&slot->logins)) {
struct sc_pkcs11_login *login = list_iterator_next(&slot->logins); struct sc_pkcs11_login *login = list_iterator_next(&slot->logins);
while (login) { while (login && slot->p11card && slot->p11card->framework) {
r = slot->p11card->framework->login(slot, login->userType, r = slot->p11card->framework->login(slot, login->userType,
login->pPin, login->ulPinLen); login->pPin, login->ulPinLen);
if (r != CKR_OK) if (r != CKR_OK)
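Review bot: The widened condition `while (login && slot->p11card && slot->p11card->framework)` fails open. When the card or its framework pointer is NULL the stored logins are skipped without any error, and `r` keeps the value it had before the loop; its initialiser is outside the hunk, presumably CKR_OK, so callers would treat the login state as restored. Reporting the condition explicitly before the loop, e.g. `if (!slot->p11card || !slot->p11card->framework) r = CKR_TOKEN_NOT_RECOGNIZED;`, keeps the crash fix while letting the caller see that nothing was replayed. The first C_Login hunk in the session file has the same shape: `if (rv == CKR_OK && slot->p11card && slot->p11card->framework)` skips the framework login and passes an unchanged CKR_OK on to `reset_login_state(slot, rv)`. An `else if (rv == CKR_OK) rv = CKR_TOKEN_NOT_RECOGNIZED;` would keep a login attempt on a slot without a card from being reported as successful.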


@ -1015,7 +1015,8 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */
} }
slot = session->slot; slot = session->slot;
if (slot->p11card->framework->gen_keypair == NULL) if (slot == NULL || slot->p11card == NULL || slot->p11card->framework == NULL
|| slot->p11card->framework->gen_keypair == NULL)
rv = CKR_FUNCTION_NOT_SUPPORTED; rv = CKR_FUNCTION_NOT_SUPPORTED;
else { else {
rv = restore_login_state(slot); rv = restore_login_state(slot);
@ -1283,7 +1284,8 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
rv = get_session(hSession, &session); rv = get_session(hSession, &session);
if (rv == CKR_OK) { if (rv == CKR_OK) {
slot = session->slot; slot = session->slot;
if (slot->p11card->framework->get_random == NULL) if (slot == NULL || slot->p11card == NULL || slot->p11card->framework == NULL
|| slot->p11card->framework->get_random == NULL)
rv = CKR_RANDOM_NO_RNG; rv = CKR_RANDOM_NO_RNG;
else else
rv = slot->p11card->framework->get_random(slot, RandomData, ulRandomLen); rv = slot->p11card->framework->get_random(slot, RandomData, ulRandomLen);
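Review bot: Both new conditions fold "no slot, card or framework" into the existing "operation not implemented" branch, so a missing token is reported as `CKR_FUNCTION_NOT_SUPPORTED` in C_GenerateKeyPair and as `CKR_RANDOM_NO_RNG` in C_GenerateRandom. The rest of this commit returns `CKR_TOKEN_NOT_RECOGNIZED` for a NULL `p11card`, and an application cannot tell a missing token from a token that lacks the feature. Splitting the test keeps the two cases apart: `if (slot == NULL || slot->p11card == NULL || slot->p11card->framework == NULL) rv = CKR_TOKEN_NOT_RECOGNIZED;` followed by `else if (slot->p11card->framework->gen_keypair == NULL) rv = CKR_FUNCTION_NOT_SUPPORTED;`, and likewise for `get_random`.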


@ -120,8 +120,11 @@ static CK_RV sc_pkcs11_close_session(CK_SESSION_HANDLE hSession)
slot->login_user = -1; slot->login_user = -1;
if (sc_pkcs11_conf.atomic) if (sc_pkcs11_conf.atomic)
pop_all_login_states(slot); pop_all_login_states(slot);
else else {
if (slot->p11card == NULL)
return CKR_TOKEN_NOT_RECOGNIZED;
slot->p11card->framework->logout(slot); slot->p11card->framework->logout(slot);
}
} }
if (list_delete(&sessions, session) != 0) if (list_delete(&sessions, session) != 0)
@ -289,7 +292,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */
} }
else { else {
rv = restore_login_state(slot); rv = restore_login_state(slot);
if (rv == CKR_OK) if (rv == CKR_OK && slot->p11card && slot->p11card->framework)
rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen); rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen);
rv = reset_login_state(slot, rv); rv = reset_login_state(slot, rv);
} }
@ -307,6 +310,8 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */
rv = restore_login_state(slot); rv = restore_login_state(slot);
if (rv == CKR_OK) { if (rv == CKR_OK) {
sc_log(context, "C_Login() userType %li", userType); sc_log(context, "C_Login() userType %li", userType);
if (slot->p11card == NULL)
return CKR_TOKEN_NOT_RECOGNIZED;
rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen); rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen);
sc_log(context, "fLogin() rv %li", rv); sc_log(context, "fLogin() rv %li", rv);
} }
@ -347,8 +352,11 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
slot->login_user = -1; slot->login_user = -1;
if (sc_pkcs11_conf.atomic) if (sc_pkcs11_conf.atomic)
pop_all_login_states(slot); pop_all_login_states(slot);
else else {
if (!slot->p11card)
return CKR_TOKEN_NOT_RECOGNIZED;
rv = slot->p11card->framework->logout(slot); rv = slot->p11card->framework->logout(slot);
}
} else } else
rv = CKR_USER_NOT_LOGGED_IN; rv = CKR_USER_NOT_LOGGED_IN;
@ -385,7 +393,7 @@ CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
slot = session->slot; slot = session->slot;
if (slot->login_user != CKU_SO) { if (slot->login_user != CKU_SO) {
rv = CKR_USER_NOT_LOGGED_IN; rv = CKR_USER_NOT_LOGGED_IN;
} else if (slot->p11card->framework->init_pin == NULL) { } else if (slot->p11card == NULL || slot->p11card->framework->init_pin == NULL) {
rv = CKR_FUNCTION_NOT_SUPPORTED; rv = CKR_FUNCTION_NOT_SUPPORTED;
} else { } else {
rv = restore_login_state(slot); rv = restore_login_state(slot);
@ -430,8 +438,11 @@ CK_RV C_SetPIN(CK_SESSION_HANDLE hSession,
} }
rv = restore_login_state(slot); rv = restore_login_state(slot);
if (rv == CKR_OK) if (rv == CKR_OK) {
if (slot->p11card == NULL)
return CKR_TOKEN_NOT_RECOGNIZED;
rv = slot->p11card->framework->change_pin(slot, pOldPin, ulOldLen, pNewPin, ulNewLen); rv = slot->p11card->framework->change_pin(slot, pOldPin, ulOldLen, pNewPin, ulNewLen);
}
rv = reset_login_state(slot, rv); rv = reset_login_state(slot, rv);
out: out:
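Review bot: The `return CKR_TOKEN_NOT_RECOGNIZED;` added to C_SetPIN exits before `rv = reset_login_state(slot, rv);` and before the `out:` label shown directly below it. Whatever cleanup follows `out:` is therefore skipped (it is outside the hunk, presumably the module unlock), and in atomic mode the login replayed by `restore_login_state` is never reset. Assigning instead of returning keeps the normal exit path: `if (slot->p11card == NULL) rv = CKR_TOKEN_NOT_RECOGNIZED;` with the `change_pin` call in the `else` branch. The early returns added in the second C_Login hunk and in C_Logout have the same shape and should be checked against their functions' exit paths. In sc_pkcs11_close_session the early return also means `list_delete(&sessions, session)` is never reached, so the session stays in the list.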


@ -495,8 +495,8 @@ CK_RV slot_token_removed(CK_SLOT_ID id)
/* Release framework stuff */ /* Release framework stuff */
if (slot->p11card != NULL) { if (slot->p11card != NULL) {
if (slot->fw_data != NULL && if (slot->fw_data != NULL && slot->p11card->framework != NULL
slot->p11card->framework != NULL && slot->p11card->framework->release_token != NULL) { && slot->p11card->framework->release_token != NULL) {
slot->p11card->framework->release_token(slot->p11card, slot->fw_data); slot->p11card->framework->release_token(slot->p11card, slot->fw_data);
slot->fw_data = NULL; slot->fw_data = NULL;
} }